Solved

I am working on a Juniper-NS5GT  firewall and I need to port foward 3389 to a client machine

Posted on 2009-05-19
8
645 Views
Last Modified: 2013-11-16
I have a third party app company who is going to need to get into a machine
To make it easier for you guys  here is the IP of the router 192.168.7.1
here is the IP address of the client Machine 192.168.7.56
Please advise on this thank you and I ask for no KB articles just simple answers as I am under the GUN to get this done
0
Comment
Question by:explorer648
  • 6
  • 2
8 Comments
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425484
Try this:

Go to Objects ->Services -> Custom
Create a new service for TCP port 3389

Create a policy from Untrust to Trust
Source Address - Any or if you know the IP of your partner
Destination Address - 192.168.7.56
Service - Custom Service
Action - Permit
Check logging and at session beginning (Optional)

I think that should do it
0
 

Author Comment

by:explorer648
ID: 24425688
Umm tried it and after i did it it does not work?
here is the screen shots



policy-page.bmp
PORT.bmp
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425978
My bad, i was wrong on the destination setup.

Create a Address list called VIP TS
Assign your public IP

In Network -> Interfaces
Edit your public interface

Goto VIP properties
Create new VIP service
Assign port 3389 to 192.168.7.56

Now set your destination address in your policy as VIP TS
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425997
PS  Setup your VIP TS as a Global address
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 6

Expert Comment

by:drewha1969
ID: 24426866
As a side note, this should work, as we have it done this way to pass port 80 to our webserver, however I am definitely not a security guru and am not sure of all the ramifications of opening up a desktop to the internet on that port.  As far as i know, if the machine has strong passwords, it should be safe, but again, I am no guru.

To clarify and make sure I have given you the correct information, it sounds like you do not have a VPN setup between your 2 networks and you are trying to connect over the internet.  If so, setting up the destination as I have described above should work.
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24431253
I feel I may have been rushing through the VIP part and left out some details so:

Network -> Interfaces
Edit Public Interface (Usually Ethernet 3)
VIP
If no previous entries, follow the next step, else skip to New VIP Service
Add/Modify VIP entry -> select "Same as the untrusted interface IP address" -> Add

New VIP Service
Virtual IP -> Public IP
Virtual Port -> 3389
Map to Service -> Custom service (TS) 3389
Map to IP -> 192.168.7.56
Check Server Autodetection

0
 
LVL 6

Accepted Solution

by:
drewha1969 earned 500 total points
ID: 24431285
Sorry again, set the netmask as 32 for your global address.
VIP TS = PublicIP/32
0
 

Author Comment

by:explorer648
ID: 24606965
I have not had a chance to try this new solution yet I will try it and see where it takes me
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now